Steve Langasek <vor...@debian.org> writes: > On Thu, Jan 09, 2014 at 06:20:55PM -0800, Russ Allbery wrote:
>> Regardless, thanks! I spent some time day before yesterday debugging this >> with MIT Kerberos upstream, since the behavior of keyring caches without >> an active session is really weird. Everything works but then the results >> disappear. > I had vaguely wondered why I hadn't seen any sign of pam_keyinit being used > before now. :) I think it's mostly because keyrings aren't widely used outside of AFS, and AFS automatically creates a session keyring when you call setpag(). MIT Kerberos keyring caches are kind of a curiosity, and they have some weird limitations due to the limit on keyring sizes in the kernel without the new large keyring stuff. I think Red Hat uses them for some stuff, but they're still not widespread. (And Heimdal doesn't support them at all.) But I do support them in some of my software and happen to have some test cases, and discovered they started failing on a system where I wasn't setting up PAGs for users.... -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
